← Back to the AI Dependency AtlasExact repository supply-chain dossier

KERN KI Chat-Bot Example

kern-ux/kern-labor-projekte/kern-ki-bot
npm

This dossier retains 931 exact component occurrences from 2 published evidence files at one immutable repository commit.

opencode:8658ccc472c2c6fdproject ID + commit SHA + exact evidence path

Published dependency evidence does not prove deployment, productive use, procurement or runtime reachability.

project ID + commit SHA + exact evidence path
931exact component occurrences
714package identities
2evidence files
73OSV records returned
Exact published evidence

Files that resolve this repository’s dependencies

Every file remains tied to the observed commit. A parse error stays visible and never becomes a zero.

Evidence pathpackage-lock.jsonsha256:efce8eeb26af73ae7df23849ff19164513bc529b10097eb7e32bdcab39e805a3
Format
npm-lock
Parser state
parsed
Resolved components
724
Open exact source ↗
Evidence pathsrc/ai-search/package-lock.jsonsha256:ca6464b90e58d5630aaf94c19188d53285e0f05d08253c2e0a294c173d40ed49
Format
npm-lock
Parser state
parsed
Resolved components
207
Open exact source ↗
Observed relations

Package identities at this commit

npmOpenAI SDKnpm:openai
2 Occurrences4.104.0 · 5.23.2
Apache-2.0
npmaxiosnpm:axios
2 Occurrences1.11.0 · 1.13.2
MIT25 OSV records returned
npmundicinpm:undici
2 Occurrences7.13.0 · 7.18.2
MIT14 OSV records returned
npmminimatchnpm:minimatch
5 Occurrences10.0.3 · 10.1.1 · 3.1.2 · 9.0.5
BlueOak-1.0.0 · ISC3 OSV records returned
npmqsnpm:qs
2 Occurrences6.13.0 · 6.14.1
BSD-3-Clause3 OSV records returned
npmbrace-expansionnpm:brace-expansion
3 Occurrences1.1.12 · 2.0.2
MIT2 OSV records returned
npmflattednpm:flatted
1 Occurrence3.3.3
ISC2 OSV records returned
npmjs-yamlnpm:js-yaml
3 Occurrences3.14.1 · 3.14.2 · 4.1.1
MIT2 OSV records returned
npmlodashnpm:lodash
1 Occurrence4.17.21
MIT2 OSV records returned
npmmarkdown-itnpm:markdown-it
1 Occurrence14.1.0
MIT2 OSV records returned
npmpicomatchnpm:picomatch
2 Occurrences2.3.1 · 4.0.3
MIT2 OSV records returned
npm@isaacs/brace-expansionnpm:@isaacs/brace-expansion
1 Occurrence5.0.0
MIT1 OSV record returned
npmajvnpm:ajv
1 Occurrence6.12.6
MIT1 OSV record returned
npmdiffnpm:diff
1 Occurrence5.2.0
BSD-3-Clause1 OSV record returned
npmfollow-redirectsnpm:follow-redirects
2 Occurrences1.15.11
MIT1 OSV record returned
npmform-datanpm:form-data
2 Occurrences4.0.4 · 4.0.5
MIT1 OSV record returned
npmglobnpm:glob
5 Occurrences10.4.5 · 10.5.0 · 11.0.1 · 11.0.3 · 7.2.3
BlueOak-1.0.0 · ISC1 OSV record returned
npmimmutablenpm:immutable
1 Occurrence5.1.4
MIT1 OSV record returned
npmjwsnpm:jws
1 Occurrence3.2.2
MIT1 OSV record returned
npmlinkify-itnpm:linkify-it
1 Occurrence5.0.0
MIT1 OSV record returned
npmpath-to-regexpnpm:path-to-regexp
2 Occurrences0.1.12
MIT1 OSV record returned
npmpostcssnpm:postcss
1 Occurrence8.4.49
MIT1 OSV record returned
npmprismjsnpm:prismjs
2 Occurrences1.27.0 · 1.30.0
MIT1 OSV record returned
npmshell-quotenpm:shell-quote
1 Occurrence1.8.3
MIT1 OSV record returned
npmsmol-tomlnpm:smol-toml
1 Occurrence1.3.4
BSD-3-Clause1 OSV record returned
npmuuidnpm:uuid
3 Occurrences11.1.0 · 8.3.2 · 9.0.1
MIT1 OSV record returned
npmyamlnpm:yaml
1 Occurrence2.8.2
ISC1 OSV record returned
npm@azure/abort-controllernpm:@azure/abort-controller
1 Occurrence2.1.2
MIT
npm@azure/core-authnpm:@azure/core-auth
1 Occurrence1.10.0
MIT
npm@azure/core-clientnpm:@azure/core-client
1 Occurrence1.10.0
MIT
npm@azure/core-rest-pipelinenpm:@azure/core-rest-pipeline
1 Occurrence1.22.0
MIT
npm@azure/core-tracingnpm:@azure/core-tracing
1 Occurrence1.3.0
MIT
npm@azure/core-utilnpm:@azure/core-util
1 Occurrence1.13.0
MIT
npm@azure/identitynpm:@azure/identity
1 Occurrence4.10.2
MIT
npm@azure/loggernpm:@azure/logger
1 Occurrence1.3.0
MIT
npm@azure/msal-browsernpm:@azure/msal-browser
1 Occurrence4.18.0
MIT
npm@azure/msal-commonnpm:@azure/msal-common
1 Occurrence15.9.0
MIT
npm@azure/msal-nodenpm:@azure/msal-node
1 Occurrence3.6.4
MIT
npm@babel/code-framenpm:@babel/code-frame
1 Occurrence7.28.6
MIT
npm@babel/helper-validator-identifiernpm:@babel/helper-validator-identifier
1 Occurrence7.28.5
MIT
npm@babel/runtimenpm:@babel/runtime
1 Occurrence7.28.6
MIT
npm@emotion/is-prop-validnpm:@emotion/is-prop-valid
1 Occurrence1.4.0
MIT
npm@emotion/memoizenpm:@emotion/memoize
1 Occurrence0.9.0
MIT
npm@emotion/unitlessnpm:@emotion/unitless
1 Occurrence0.10.0
MIT
npm@eslint-community/eslint-utilsnpm:@eslint-community/eslint-utils
1 Occurrence4.9.1
MIT
npm@eslint-community/regexppnpm:@eslint-community/regexpp
1 Occurrence4.12.2
MIT
npm@eslint/eslintrcnpm:@eslint/eslintrc
1 Occurrence2.1.4
MIT
npm@eslint/jsnpm:@eslint/js
1 Occurrence8.57.1
MIT
npm@floating-ui/corenpm:@floating-ui/core
1 Occurrence1.7.3
MIT
npm@floating-ui/domnpm:@floating-ui/dom
1 Occurrence1.7.4
MIT
npm@floating-ui/utilsnpm:@floating-ui/utils
1 Occurrence0.2.10
MIT
npm@gitbeaker/corenpm:@gitbeaker/core
1 Occurrence43.8.0
MIT
npm@gitbeaker/requester-utilsnpm:@gitbeaker/requester-utils
1 Occurrence43.8.0
MIT
npm@gitbeaker/restnpm:@gitbeaker/rest
1 Occurrence43.8.0
MIT
npm@humanwhocodes/config-arraynpm:@humanwhocodes/config-array
1 Occurrence0.13.0
Apache-2.0
npm@humanwhocodes/module-importernpm:@humanwhocodes/module-importer
1 Occurrence1.0.1
Apache-2.0
npm@humanwhocodes/object-schemanpm:@humanwhocodes/object-schema
1 Occurrence2.0.3
BSD-3-Clause
npm@isaacs/balanced-matchnpm:@isaacs/balanced-match
1 Occurrence4.0.1
MIT
npm@isaacs/cliuinpm:@isaacs/cliui
2 Occurrences8.0.2
BlueOak-1.0.0 · ISC
npm@jridgewell/gen-mappingnpm:@jridgewell/gen-mapping
1 Occurrence0.3.13
MIT
npm@jridgewell/resolve-urinpm:@jridgewell/resolve-uri
1 Occurrence3.1.2
MIT
npm@jridgewell/sourcemap-codecnpm:@jridgewell/sourcemap-codec
1 Occurrence1.5.5
MIT
npm@jridgewell/trace-mappingnpm:@jridgewell/trace-mapping
1 Occurrence0.3.31
MIT
npm@kern-ux/nativenpm:@kern-ux/native
1 Occurrence1.3.0
EUPL-1.2
npm@mdx-js/reactnpm:@mdx-js/react
1 Occurrence3.1.1
MIT
npm@nodelib/fs.scandirnpm:@nodelib/fs.scandir
1 Occurrence2.1.5
MIT
npm@nodelib/fs.statnpm:@nodelib/fs.stat
1 Occurrence2.0.5
MIT
npm@nodelib/fs.walknpm:@nodelib/fs.walk
1 Occurrence1.2.8
MIT
npm@npmcli/confignpm:@npmcli/config
1 Occurrence8.3.4
ISC
npm@npmcli/gitnpm:@npmcli/git
1 Occurrence5.0.8
ISC
npm@npmcli/map-workspacesnpm:@npmcli/map-workspaces
1 Occurrence3.0.6
ISC
npm@npmcli/name-from-foldernpm:@npmcli/name-from-folder
1 Occurrence2.0.0
ISC
npm@npmcli/package-jsonnpm:@npmcli/package-json
1 Occurrence5.2.1
ISC
npm@npmcli/promise-spawnnpm:@npmcli/promise-spawn
1 Occurrence7.0.2
ISC
npm@parcel/watchernpm:@parcel/watcher
1 Occurrence2.5.4
MIT
npm@parcel/watcher-android-arm64npm:@parcel/watcher-android-arm64
1 Occurrence2.5.4
MIT
npm@parcel/watcher-darwin-arm64npm:@parcel/watcher-darwin-arm64
1 Occurrence2.5.4
MIT
npm@parcel/watcher-darwin-x64npm:@parcel/watcher-darwin-x64
1 Occurrence2.5.4
MIT
npm@parcel/watcher-freebsd-x64npm:@parcel/watcher-freebsd-x64
1 Occurrence2.5.4
MIT
npm@parcel/watcher-linux-arm-glibcnpm:@parcel/watcher-linux-arm-glibc
1 Occurrence2.5.4
MIT
npm@parcel/watcher-linux-arm-muslnpm:@parcel/watcher-linux-arm-musl
1 Occurrence2.5.4
MIT
npm@parcel/watcher-linux-arm64-glibcnpm:@parcel/watcher-linux-arm64-glibc
1 Occurrence2.5.4
MIT
npm@parcel/watcher-linux-arm64-muslnpm:@parcel/watcher-linux-arm64-musl
1 Occurrence2.5.4
MIT
npm@parcel/watcher-linux-x64-glibcnpm:@parcel/watcher-linux-x64-glibc
1 Occurrence2.5.4
MIT
npm@parcel/watcher-linux-x64-muslnpm:@parcel/watcher-linux-x64-musl
1 Occurrence2.5.4
MIT
npm@parcel/watcher-win32-arm64npm:@parcel/watcher-win32-arm64
1 Occurrence2.5.4
MIT
npm@parcel/watcher-win32-ia32npm:@parcel/watcher-win32-ia32
1 Occurrence2.5.4
MIT
npm@parcel/watcher-win32-x64npm:@parcel/watcher-win32-x64
1 Occurrence2.5.4
MIT
npm@pkgjs/parseargsnpm:@pkgjs/parseargs
2 Occurrences0.11.0
MIT
npm@pkgr/corenpm:@pkgr/core
1 Occurrence0.2.9
MIT
npm@tsconfig/docusaurusnpm:@tsconfig/docusaurus
1 Occurrence2.0.7
MIT
npm@types/concat-streamnpm:@types/concat-stream
1 Occurrence2.0.3
MIT
npm@types/debugnpm:@types/debug
1 Occurrence4.1.12
MIT
npm@types/estreenpm:@types/estree
1 Occurrence1.0.8
MIT
npm@types/estree-jsxnpm:@types/estree-jsx
1 Occurrence1.0.5
MIT
npm@types/hastnpm:@types/hast
2 Occurrences2.3.10 · 3.0.4
MIT
npm@types/is-emptynpm:@types/is-empty
1 Occurrence1.2.3
MIT
npm@types/katexnpm:@types/katex
1 Occurrence0.16.8
MIT
npm@types/mdastnpm:@types/mdast
1 Occurrence4.0.4
MIT
npm@types/mdxnpm:@types/mdx
1 Occurrence2.0.13
MIT
npm@types/msnpm:@types/ms
1 Occurrence2.1.0
MIT
npm@types/nodenpm:@types/node
3 Occurrences18.19.121 · 22.19.6 · 24.2.0
MIT
npm@types/node-fetchnpm:@types/node-fetch
1 Occurrence2.6.13
MIT
npm@types/prismjsnpm:@types/prismjs
1 Occurrence1.26.5
MIT
npm@types/reactnpm:@types/react
1 Occurrence19.2.8
MIT
npm@types/react-domnpm:@types/react-dom
1 Occurrence19.2.3
MIT
npm@types/stylisnpm:@types/stylis
1 Occurrence4.2.7
MIT
npm@types/supports-colornpm:@types/supports-color
1 Occurrence8.1.3
MIT
npm@types/unistnpm:@types/unist
2 Occurrences2.0.11 · 3.0.3
MIT
npm@typescript-eslint/eslint-pluginnpm:@typescript-eslint/eslint-plugin
1 Occurrence7.18.0
MIT
npm@typescript-eslint/parsernpm:@typescript-eslint/parser
1 Occurrence7.18.0
BSD-2-Clause · MIT
npm@typescript-eslint/scope-managernpm:@typescript-eslint/scope-manager
1 Occurrence7.18.0
MIT
npm@typescript-eslint/type-utilsnpm:@typescript-eslint/type-utils
1 Occurrence7.18.0
MIT
npm@typescript-eslint/typesnpm:@typescript-eslint/types
1 Occurrence7.18.0
MIT
npm@typescript-eslint/typescript-estreenpm:@typescript-eslint/typescript-estree
1 Occurrence7.18.0
BSD-2-Clause · MIT
npm@typescript-eslint/utilsnpm:@typescript-eslint/utils
1 Occurrence7.18.0
MIT
npm@typescript-eslint/visitor-keysnpm:@typescript-eslint/visitor-keys
1 Occurrence7.18.0
MIT
npm@typespec/ts-http-runtimenpm:@typespec/ts-http-runtime
1 Occurrence0.3.0
MIT
npm@ungap/structured-clonenpm:@ungap/structured-clone
1 Occurrence1.3.0
ISC
npmabbrevnpm:abbrev
1 Occurrence2.0.0
ISC

This page displays 120 of 714 ordered rows. The machine-readable dossier retains the complete exact projection.

OSV

Related OSV records

GHSA-22p9-wv53-3rq4

LinkifyIt#match scan loop has quadratic algorithmic complexity

2 repositories30 Jun 2026
GHSA-23c5-xmqv-rm74

minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions

2 repositories28 Feb 2026
GHSA-25h7-pfq9-p65f

flatted vulnerable to unbounded recursion DoS in parse() revive phase

1 repository17 Mar 2026
GHSA-2g4f-4pwh-qvx6

ajv has ReDoS when using `$data` option

1 repository04 Mar 2026
GHSA-2mjp-6q6p-2qxm

Undici has an HTTP Request/Response Smuggling issue

1 repository18 Mar 2026
GHSA-35jp-ww65-95wh

axios Vulnerable to Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`

2 repositories12 Jun 2026
GHSA-35p6-xmwp-9g52

undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse

2 repositories21 Jun 2026
GHSA-37ch-88jc-xwx2

path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters

1 repository08 Jul 2026
GHSA-38c4-r59v-3vqw

markdown-it is has a Regular Expression Denial of Service (ReDoS)

1 repository18 Feb 2026
GHSA-3g43-6gmg-66jw

axios Vulnerable to Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config Merge

2 repositories12 Jun 2026
GHSA-3p68-rc4w-qgx5

Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF

1 repository08 May 2026
GHSA-3ppc-4f35-3m26

minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern

2 repositories24 Feb 2026
GHSA-3v7f-55p6-f55p

Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching

3 repositories28 Mar 2026
GHSA-3w6x-2g7m-8v23

Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver`

2 repositories06 May 2026
GHSA-43fc-jf86-j433

Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig

1 repository08 May 2026
GHSA-445q-vr5w-6q77

Axios: CRLF Injection in multipart/form-data body via unsanitized blob.type in formDataToStream

2 repositories06 May 2026
GHSA-48c2-rrv3-qjmp

yaml is vulnerable to Stack Overflow via deeply nested YAML collections

1 repository27 Mar 2026
GHSA-4992-7rv2-5pvq

Undici has CRLF Injection in undici via `upgrade` option

1 repository18 Mar 2026
GHSA-4hjh-wcwx-xvwj

Axios is vulnerable to DoS attack through lack of data size check

1 repository04 Feb 2026
GHSA-5c9x-8gcm-mpgx

Axios' HTTP adapter-streamed uploads bypass maxBodyLength when maxRedirects: 0

2 repositories06 May 2026
GHSA-5j98-mcp5-4vw2

glob CLI: Command injection via -c/--cmd executes matches with shell:true

1 repository04 Feb 2026
GHSA-62hf-57xw-28j9

Axios: unbounded recursion in toFormData causes DoS via deeply nested request data

2 repositories08 Jun 2026
GHSA-6chq-wfr3-2hj9

Axios: Header Injection via Prototype Pollution

2 repositories06 May 2026
GHSA-6rw7-vpxm-498p

qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion

1 repository04 Mar 2026
GHSA-6v5v-wf23-fmfq

markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations

2 repositories18 Jun 2026
GHSA-73rr-hh4g-fpgx

jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch

2 repositories05 Feb 2026
GHSA-777c-7fjr-54vf

Allocation of Resources Without Limits or Throttling in Axios

2 repositories12 Jun 2026
GHSA-7h2j-956f-4vf2

@isaacs/brace-expansion has Uncontrolled Resource Consumption

1 repository05 Feb 2026
GHSA-7r86-cg39-jmmj

minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments

2 repositories28 Feb 2026
GHSA-869p-cjfg-cm3x

auth0/node-jws Improperly Verifies HMAC Signature

1 repository04 Feb 2026
GHSA-898c-q2cr-xwhg

axios has DoS & Header Injection via Prototype Pollution Read-Side Gadgets in axios merge functions

2 repositories12 Jun 2026
GHSA-c2c7-rcm5-vvqj

Picomatch has a ReDoS vulnerability via extglob quantifiers

3 repositories28 Mar 2026
GHSA-f23m-r3pf-42rh

lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`

2 repositories08 Jul 2026
GHSA-f269-vfmq-vjvj

Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client

1 repository18 Mar 2026
GHSA-f886-m6hf-6m8v

brace-expansion: Zero-step sequence causes process hang and memory exhaustion

2 repositories27 Mar 2026
GHSA-fvcv-3m26-pcqx

Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain

1 repository20 May 2026
GHSA-g8m3-5g58-fq7m

undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching

2 repositories21 Jun 2026
GHSA-g9mf-h72j-4rw9

Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion

1 repository04 Feb 2026
GHSA-h67p-54hq-rp68

JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases

2 repositories29 Jun 2026
GHSA-hfxv-24rg-xrqf

Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection

2 repositories18 Jun 2026
GHSA-hm92-r4w5-c3mj

undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse

1 repository21 Jun 2026
GHSA-hmw2-7cc7-3qxx

form-data: CRLF injection in form-data via unescaped multipart field names and filenames

2 repositories17 Jun 2026
GHSA-j5f8-grm9-p9fc

Axios: Proxy-Authorization header leaks to redirect target when proxy is re-evaluated to direct connection

2 repositories12 Jun 2026
GHSA-jxxr-4gwj-5jf2

brace-expansion: Large numeric range defeats documented `max` DoS protection

1 repository09 Jun 2026
GHSA-m7pr-hjqh-92cm

Axios: no_proxy bypass via IP alias allows SSRF

2 repositories06 May 2026
GHSA-mh29-5h37-fv8m

js-yaml has prototype pollution in merge (<<)

1 repository08 Jul 2026
GHSA-p88m-4jfj-68fv

undici vulnerable to HTTP header injection via Set-Cookie percent-decoding

2 repositories21 Jun 2026
GHSA-p92q-9vqr-4j8v

Axios: Proxy-Authorization Credential Leak to Origin Server Across HTTP-to-HTTPS Redirect in Axios Node.js HTTP Adapter

2 repositories12 Jun 2026
Interpretation boundary

Exact identities in, explicit limits out

The collector reads bounded lockfiles, SBOMs and exact double-equals pins at one immutable commit. Version ranges are never resolved by assumption.

Retrieval, parsing, matching and publishing use no generative AI model.

i6eal (2026): KERN KI Chat-Bot Example — exact AI dependency evidence dossier, data state 19 Jul 2026. https://i6eal.de/en/tools/ki-abhaengigkeitsatlas/repository/opencode-8658/

Reading this dossier

Does this repository dossier prove deployment?
No. It documents dependencies published at one observed commit, not a deployed environment.
Why are exact versions required?
OSV and registry metadata can be linked reproducibly only to an observed package@version tuple. The collector never substitutes a newest release for a range.
Does a missing row mean the dependency is absent?
No. It means not observed within the bounded files and repository checkpoint. Incomplete trees and parser failures remain explicit.

Need a permanent dependency evidence trail for another public code cohort?

We build source-backed data products with stable identities, reproducible joins and boundaries that remain visible.

Discuss a data projectExplore all tools